1
00:00:00,630 --> 00:00:01,470
In this lesson,

2
00:00:01,470 --> 00:00:05,460
we are going to talk about "Implementing Secure Endpoints".

3
00:00:05,460 --> 00:00:08,300
We're going to look at what private endpoints are,

4
00:00:08,300 --> 00:00:10,880
and spend just a few minutes talking about that.

5
00:00:10,880 --> 00:00:12,350
Then, I'm going to jump into the portal

6
00:00:12,350 --> 00:00:15,610
and I'm going to show you how we can connect to one live.

7
00:00:15,610 --> 00:00:17,190
All right, so let's talk a little bit

8
00:00:17,190 --> 00:00:20,550
about a private endpoint and what it actually is.

9
00:00:20,550 --> 00:00:23,960
A private endpoint is just a way that you can create

10
00:00:23,960 --> 00:00:28,960
to connect a virtual network to a specific Azure resource.

11
00:00:30,490 --> 00:00:33,340
Now, this is really helpful because when you do that,

12
00:00:33,340 --> 00:00:35,380
one, it can provide some additional security

13
00:00:35,380 --> 00:00:39,100
because after you've created your private endpoint,

14
00:00:39,100 --> 00:00:41,100
you can create additional rules

15
00:00:41,100 --> 00:00:44,120
that will remove public internet access entirely.

16
00:00:44,120 --> 00:00:45,790
So that's very helpful.

17
00:00:45,790 --> 00:00:46,623
The other thing is,

18
00:00:46,623 --> 00:00:49,470
if you want to leave your internet access open,

19
00:00:49,470 --> 00:00:52,100
you can actually create filters

20
00:00:52,100 --> 00:00:54,820
to restrict Azure service access

21
00:00:54,820 --> 00:00:58,890
or better monitor what's actually going out of your network.

22
00:00:58,890 --> 00:01:00,410
So with private endpoints,

23
00:01:00,410 --> 00:01:02,760
you need to understand that this is only for endpoints

24
00:01:02,760 --> 00:01:04,830
in an Azure virtual network.

25
00:01:04,830 --> 00:01:05,663
In addition to that,

26
00:01:05,663 --> 00:01:09,510
you can only create endpoints in a handful of services.

27
00:01:09,510 --> 00:01:11,150
Now, it's a reasonably large list,

28
00:01:11,150 --> 00:01:13,900
but for the DP-203, we're primarily concerned

29
00:01:13,900 --> 00:01:17,020
with Synapse, Storage, and Key Vault.

30
00:01:17,020 --> 00:01:18,670
Those are the 3 that you're most likely

31
00:01:18,670 --> 00:01:20,640
to use private endpoints on.

32
00:01:20,640 --> 00:01:22,040
You can also do other services

33
00:01:22,040 --> 00:01:25,650
like Event Hubs, Service Bus,

34
00:01:25,650 --> 00:01:28,363
SQL database and some other services like that.

35
00:01:29,490 --> 00:01:31,480
In addition, this is only for traffic

36
00:01:31,480 --> 00:01:33,590
within a virtual network region.

37
00:01:33,590 --> 00:01:36,330
So, you can't connect private endpoints

38
00:01:36,330 --> 00:01:39,300
between services in different regions.

39
00:01:39,300 --> 00:01:41,370
You can also create private endpoints

40
00:01:41,370 --> 00:01:43,350
from on-prem connections,

41
00:01:43,350 --> 00:01:46,210
either by specifying the IP address ranges

42
00:01:46,210 --> 00:01:47,830
or by using ExpressRoute.

43
00:01:47,830 --> 00:01:50,720
You can see that down here at the bottom.

44
00:01:50,720 --> 00:01:51,553
All right, with that,

45
00:01:51,553 --> 00:01:52,830
let me actually jump you in,

46
00:01:52,830 --> 00:01:55,590
and let's take a look at the portal.

47
00:01:55,590 --> 00:01:57,650
So here, we find ourselves in the portal

48
00:01:57,650 --> 00:02:00,050
in my Synapse workspace.

49
00:02:00,050 --> 00:02:02,070
And if I scroll down, you'll see

50
00:02:02,070 --> 00:02:06,070
that I have a Private Endpoint Connections section here.

51
00:02:06,070 --> 00:02:09,583
If I click on that, I can create a new private endpoint.

52
00:02:10,920 --> 00:02:13,560
I just specify my resource group.

53
00:02:13,560 --> 00:02:15,423
I give myself a name.

54
00:02:19,980 --> 00:02:21,960
Go to Next,

55
00:02:21,960 --> 00:02:24,820
and then I can choose my resource type.

56
00:02:24,820 --> 00:02:28,465
So let's just say that I want to use a storage account.

57
00:02:28,465 --> 00:02:29,460
I can choose that,

58
00:02:29,460 --> 00:02:30,330
and then it allows me

59
00:02:30,330 --> 00:02:33,400
to actually pick the storage account that I want to use.

60
00:02:33,400 --> 00:02:37,230
And then I can target what in there I'm actually looking at.

61
00:02:37,230 --> 00:02:38,080
That's pretty much it.

62
00:02:38,080 --> 00:02:40,740
I go through the rest of that, and I can choose that.

63
00:02:40,740 --> 00:02:42,040
And I'm just going to let this spin,

64
00:02:42,040 --> 00:02:43,340
because this is going to take a little while.

65
00:02:43,340 --> 00:02:46,140
But the next step is just skipping through tags,

66
00:02:46,140 --> 00:02:48,560
and then finally, to the Review + Create section.

67
00:02:48,560 --> 00:02:50,440
Now, the piece that's important about this

68
00:02:50,440 --> 00:02:53,780
is this does not cost additional funds

69
00:02:53,780 --> 00:02:56,280
to use private endpoints.

70
00:02:56,280 --> 00:02:57,113
All right.

71
00:02:57,113 --> 00:02:58,560
With that, just a couple of key points

72
00:02:58,560 --> 00:03:00,610
that we need to remember for this lesson.

73
00:03:00,610 --> 00:03:02,710
First, it's all about layers.

74
00:03:02,710 --> 00:03:06,060
So, we're back into creating additional layers.

75
00:03:06,060 --> 00:03:08,260
This is going to help us with 1 more tool

76
00:03:08,260 --> 00:03:12,160
that we can use to separate our Azure environments

77
00:03:12,160 --> 00:03:15,440
and separate the resources within our Azure environment

78
00:03:15,440 --> 00:03:16,993
and our VNets.

79
00:03:18,110 --> 00:03:21,650
Next, this is a minor topic on the DP-203.

80
00:03:21,650 --> 00:03:23,960
I didn't spend a ton of time talking about networking

81
00:03:23,960 --> 00:03:26,500
because this is a data engineering certification,

82
00:03:26,500 --> 00:03:27,950
not a networking one.

83
00:03:27,950 --> 00:03:30,120
So just get the basics for this one,

84
00:03:30,120 --> 00:03:31,530
and you should be good to go.

85
00:03:31,530 --> 00:03:33,940
All right, with that, it's on to the next lesson.

86
00:03:33,940 --> 00:03:34,890
I'll see you there.